"Attackers Can Break Voice Authentication With up to 99 Percent Success Within Six Tries"
Computer scientists at the University of Waterloo have discovered an attack technique that can bypass voice authentication security systems with a success rate of up to 99.9 percent after only six attempts. Voice authentication, which enables businesses to verify the identity of their clients through a unique "voiceprint," has become increasingly implemented in remote banking, call centers, and other security-sensitive situations. In order to enroll in voice authentication, the user must repeat a specific phrase in their own voice. The system then extracts a unique vocal signature (voiceprint) from the provided phrase and stores it on a server, explains Andre Kassis, a Computer Security and Privacy Ph.D. candidate and the study's lead author. For future authentication attempts, they are asked to repeat a different phrase, and the features extracted from it are compared to the voiceprint stored in the system to determine if they should be granted access. Following the introduction of voiceprints, malicious actors soon realized they could apply Machine Learning (ML)-enabled "deepfake" software to create convincing copies of a victim's voice using as little as five minutes of recorded audio. This article continues to discuss the attack method that can bypass voice authentication security with a high success rate.